Date: Wed, 25 Jan 95 12:55:16 EST
Errors-To: Comp-privacy Error Handler <owner-comp-privacy@uwm.edu>
From: Computer Privacy Digest Moderator <comp-privacy@uwm.edu>
To: Comp-privacy@uwm.edu
Subject: Computer Privacy Digest V6#009
Computer Privacy Digest Wed, 25 Jan 95 Volume 6 : Issue: 009
Today's Topics: Moderator: Leonard P. Levine
Re: Radio Shack Respects My Privacy
Re: Radio Shack Respects My Privacy
Re: Radio Shack Respects My Privacy
The Cyber Police are Coming?
The Cyber Police are Coming?
Total Surveillance
Re: DOJ Computer Seizure Guidelines
Protect Privacy Via CC to Individuals
Re: Mail Marked "Refused"
Requests for Home Phone Numbers
Re: Is the Post Office Subsidized?
Re: Is the Post Office Subsidized?
Cybersex Seattle
Re: Tax Forms Display SSN on Mailing Label
Info on CPD [unchanged since 12/29/94]
----------------------------------------------------------------------
From: seebaugh@ix.netcom.com (David Seebaugh)
Date: 24 Jan 1995 04:05:44 GMT
Subject: Re: Radio Shack Respects My Privacy
Organization: Netcom
"Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> writes: In a recent
visit to a local Radio Shack I saw, for the first time, a poster on
the cash register with a picture of the big boss saying that Radio
Shack Respects Your Privacy. He then goes on to discuss their long
standing policy of asking for phone numbers. Seems that they might
be getting the point, let's watch.
They may respect your privacy, but make lots of room for your new
collection of RS sales flyers! :-)
------------------------------
From: Bill Hefley <weh@SEI.CMU.EDU>
Date: 24 Jan 95 09:25:42 EST
Subject: Re: Radio Shack Respects My Privacy
you write: In a recent visit to a local Radio Shack I saw, for the
first time, a poster on the cash register with a picture of the big
boss saying that Radio Shack Respects Your Privacy. He then goes
on to discuss their long standing policy of asking for phone
numbers. Seems that they might be getting the point, let's watch.
I doubt it, as on my last visit (my second in as many days, trying to
fix a severed TV cable), I just refused to give the phone number and
address stuff. I had my handicapped son with me and he was quite
restless and I just wanted out of the store after my $3 purchase.
I got no end of grief from the salesman, as he even claimed that his
loss prevention people had been there that very same day, and he could
get in trouble for making a sale without the ID. I finally told him
that he could have the sale or not, I didn't care, but he wwasn't
getting any information.
He grumped the whole way through about how he could make my life easier
if I'd make his easier and not get him in trouble. But, in the end, he
finally did take my money and tell me I wasn't entitled to a refund or
exchange.
--
Bill Hefley - Senior Member of the Technical Staff
Software Engineering Institute, Carnegie Mellon Univ. Pittsburgh, PA 15213
Office: +1-412-268-7793, Fax: +1-412-268-5758, internet: weh@sei.cmu.edu
------------------------------
From: jsivier@ux1.cso.uiuc.edu (Jonathan Sivier )
Date: 25 Jan 1995 16:29:46 GMT
Subject: Re: Radio Shack Respects My Privacy
Organization: University of Illinois at Urbana
"Prof. L. P. Levine" <levine@blatz.cs.uwm.edu> writes: In a recent
visit to a local Radio Shack I saw, for the first time, a poster on
the cash register with a picture of the big boss saying that Radio
Shack Respects Your Privacy. He then goes on to discuss their long
standing policy of asking for phone numbers. Seems that they might
be getting the point, let's watch.
The last couple of times I went to one of the local Radio Shacks
(within the past month), I wasn't asked for my phone number. It
certainly made for a more pleasant experience.
-------------------------------------------------------------------
| Jonathan Sivier | Ballo ergo sum. |
| jsivier@ux1.cso.uiuc.edu | (I dance therefore I am.) |
| Flight Simulation Lab | - des Cartwright |
| Beckman Institute | |
| 405 N. Mathews | SWMDG - Single White Male |
| Urbana, IL 61801 | Dance Gypsy |
| Work: 217/244-1923 | |
| Home: 217/359-8225 | Have shoes, will dance. |
-------------------------------------------------------------------
------------------------------
From: Kim Cerioni <kcerioni@clyde.ics.uci.edu>
Date: 24 Jan 95 07:05:02 GMT
Subject: The Cyber Police are Coming?
I have read articles alarming the general public that the FBI (Federal
Bureau of Investigation) is monitoring bulletin boards across the
network. Typically the articles start out with FBI agents at the
doorway of users, asking questions about their online messages. Given
the past history of law enforcement and their practice of wire-tapping
telephone lines, one can extrapolate this practice to the Internet,
transforming the "Super Information Highway" into the "Super Snooper
Highway".
The wiretapping analogy does not hold true to the Internet. Telephone
lines are owned by private companies, telephone conversations are
private, between two people. The internet is a public infrastructure,
discussions on bulletin boards are an open public forum. Should law
enforcement be banned from public places? This is contrary to their
mission. Do we band police officers from the public parks? What
happens when a rape occurs. Do we deny the county sheriff the right to
drive on public streets? How could they catch the criminals?
I think this whole controversy is over a misconception people have
about the internet. The feel and interaction is conversing verbally in
a small, intimate group of peers that share the same interest. (This
would explain the existence of anarchist - type bulletin boards.) When
in reality you are making a public record that any one can have access
to. People are really compromising their privacy by participating on
the Internet. For example, say you participate on a bulletin board for
wine connoisseurs, don't be surprised when your mailbox starts to fill
up with advertisements from wine retailers. The Internet is not about
privacy.
--
Waddayathink?--K. Cerioni
------------------------------
From: Nick Rosen <nick@global.demon.co.uk>
Date: 24 Jan 1995 09:10:21 +0000
Subject: The Cyber Police are Coming?
Cyberpolice says Newsweek. Is this just an ambitious Brooklyn Asst.
DA? Or is it Wash DC training cybercensors? Could someone in the US
post the article and any follow up?
If it is a serious attempt at Cybercensorship, it needs a global
solution.
--
Nick Rosen, London. Tel: 44-71-497-8179
http://www.intervid.co.uk/intervid/
email: nick@intervid.co.uk
------------------------------
From: too much caffeine <brewste@ecf.toronto.edu>
Date: 24 Jan 1995 10:57:11 -0500
Subject: Total Surveillance
I am preparing a presentation on the topic of the loss of personal
privacy resulting from the possibility for total, automated,
surveillance of our lives. I am not taking sides, rather describing
the technologies available and presenting the issues.
The technologies to which I refer are universal encryption chips,
intelligent video, satellite surveillance, neural nets, AI, biometrics,
robot spies, massivelt parallel computers, optical storage, voice
recognition, clipper chips, etc.
The issues under discussion include the loss of privacy; the ability of
automated systems to invade our privacy without search warrants, or
blame; the possibility for an Orweillian type of society to develop,
etc
I would appreciete any thoughts and ideas on this topic.
--
<brewste@ecf.toronto.edu>
Neil Brewster -- Eng Sci 9T8 (hopefully!)
"The whole of Nature is Chaos : A Fract all should know"
------------------------------
From: bear@fsl.noaa.gov (Bear Giles)
Date: 25 Jan 95 00:54:54 GMT
Subject: Re: DOJ Computer Seizure Guidelines
Organization: Forecast Systems Labs, NOAA, Boulder, CO USA
you write: EPIC Analysis of New Justice Department Draft Guidelines
on Searching and Seizing Computers
The guidelines suggest that users do not have an expectation of
privacy on commercial services and large mainframe systems because
users should know that system operators have the technical ability
to read all files on such systems.
That is absurd and directly contradicts existing law.
Telephone company employees not only have the technical ability to
eavesdrop on my (telephone) conversations, but my understanding is that
it is standard practice to randomly sample some connections to ensure
line quality. However my expectation of privacy is well recognized.
Many radio receivers have the technical ability to eavesdrop on
cellular phone conversations, but under current law I still have an
expectation of privacy. (e.g., if I discuss a murder the police and
someone overhears the conversation and reports it to the police, they
must obtain independent evidence before a search warrant can be
issued.)
A postal inspector has the technical ability to read my mail (it only
becomes more complex if he tries to do so without me becoming aware of
it) -- all he has to do is open the envelope. However the expectation
of privacy in the mail is a long-standing right.
Most contracts for computer services clearly state that an operator
will not "snoop" around user areas without a compelling technical
reason. For instance, if the file system is full and he's checking for
any multi-megabyte files which may be the symptom of a run-away
process. Operators who get caught violating these conditions tend to
be dismissed.
In a non-communications example, residential landlords invariably keep
a master key or duplicate key to all property they rent out. They have
the technical ability to enter an occupied unit at will, but the tenant
still has a reasonable right to privacy. Even if you consider an
apartment whose lease does not contain language requiring the landlord
give written prior notice (except in some well-defined emergency
conditions), the landlord *cannot* give permission for the police to
enter and search the premises. Those Constitutional rights belong to
the occupant, not the owner.
It's ludicrous that they even suggested this; I hope some LEA gets a
very bloody nose in court over it!
They recommend that the most prudent course is to obtain a warrant,
but suggest that in the absence of a warrant prosecutors should
argue that "reasonable users will also expect system administrators
[to be able] to access all data on the system."
Take out the phrase in brackets and you'll find very few experienced
and reasonable users who agree with this statement.
Leave the words in, and I have no reasonable expectation of privacy in
my own home because I can't prevent burglars from entering it. I can
take reasonable precautions (using locks, keeping windows closed and
lock when I'm away), but I expect a determined burglar could still
enter at will.
BTW, I agree that someone on a public system who keeps his accounts
world-readable doesn't have a reasonable expectation of privacy. But
I, and many others, routinely remove all permissions for other users on
all files and directories in personal accounts.
--
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: rj.mills@pti-us.com (Dick Mills)
Date: 24 Jan 1995 08:05:26 -0500
Subject: Protect Privacy Via CC to Individuals
I once lived in Sweden. They don't respect individual rights a whole
lot there, but they did have an innovation that impressed me. They
have a law which mandates that the individual be sent a copy of any
credit reports sent out. Thus I got to see who asked for information
on me, when, and what they were told. Not bad. If there were any
inaccuracies in the report, I could act in a timely manner to correct
it.
That leads me to wonder if we couldn't form privacy rights legislation
on the same principle. Instead of attepting to stop digitized
signatures, sales records, video rental info, and the thousands of
other data gathering activities, we could require that the individual
be cc'd whenever this information was transmitted to third parties.
The idea may be practical or not depending on the scale. If someone
pays 5 dollars for my credit report, he can afford a stamp to send me a
copy. If a magazine sells 100,000 names from their subscriber list for
1 cent per name, they can't afford to notify everyone.
The cost of notification could be reduced by condensing all the
notifications into a monthy report by some clearing house. Liable
bureaus would report electronicly to the clearning house, and a printed
rerport sent to the individual once per month. On the other hand, the
clearning house itself and the condensed reports themselves could grow
to become the biggest security risks.
For sure, there would be problems in formulating and enforcing such a
law. Nevertheless, it sounds to me less dificult than protecting the
gathering of raw information or assuring the accuracy of stored
information.
Has this been proposed before?
--
Dick Mills rj.mills@pti-us.com
Power Technologies, Inc. phone +1(518)395-5154
P.O. Box 1058 fax +1(518)346-2777
Schenectady, NY 12301-1058
------------------------------
From: jesse@oes.amdahl.com (Jesse Mundis)
Date: 24 Jan 1995 09:37:38 -0800 (PST)
Subject: Re: Mail Marked "Refused"
"Virginia Matzek" <VMATZEK@alumni.berkeley.edu> writes: The last
time UPS came by our door, my boyfriend decided to scribble
something unrecognizable. The UPS guy looked at it, said he
couldn't read the signature, and asked him to try again. After
three (totally different and thoroughly unconvincing) scribbled
tries, the UPS guy gave up and punched my boyfriend's first and
last name in on the manual punchpad. A small victory for
privacy...
Heh, I did the same thing last time UPS came around with their pad. I
just clearly wrote my first initial followed by a squiggly line, then
my last initial followed by an other squiggly line. I've seen enough
signatures that look like that before. Apparently, so had the UPS guy
who just entered the name on the pad. ;-) I think I'll have fun with a
different signature each time.
--
Any opinions expressed above are mine and do not necessarily represent the
opinions policies of Amdahl Corporation.
Jesse Mundis | Amdahl Corporation | Remember:
jesse@oes.amdahl.com | 1250 East Arques Ave M/S 338 | Quality is job 1.1
(408) 746-4796 | Sunnyvale, CA 94088-3470 | -Heard from Maintenance
------------------------------
From: aj027@yfn.ysu.edu (Chip Kaye)
Date: 24 Jan 1995 20:44:04 GMT
Subject: Requests for Home Phone Numbers
Organization: St. Elizabeth Hospital, Youngstown, OH
I recently opened an account on CompuServe and filled in my home phone
# on their online form as 555-555-5555. I then tried logging onto the
account a few days later and was given an 800 number to call to
complete my unverified home phone. I would prefer not to give out my
phone number but was told that their policy was to require at least 1
phone number. I am wondering about the legality of this requirement.
I vaguely remember a number of years ago that merchants were prohibited
from requesting phone numbers when processing customer credit card
purchases. Any info would be helpful. Thanks.
--
_______c_____h_____i_____p_____________k_____a_____y_____e_____________
------------------------------
From: bear@fsl.noaa.gov (Bear Giles)
Date: 25 Jan 95 00:21:27 GMT
Subject: Re: Is the Post Office Subsidized?
Organization: Forecast Systems Labs, NOAA, Boulder, CO USA
you write: Does the Post Office make money or lose it on those
post-paid blow in cards commonly seen in magazines? Would the Post
Office reap a bonanza if everyone just dropped all those annoying
blow in cards into the mail box with no information filled in?
It's because of people like you that there are laws permitting the Post
Office to promptly deliver such mail to the trash can.
This also applies to postage paid envelopes attached to bricks, etc.
I'm not saying that guerrilla tactics aren't occasionally called for,
but use your head. E.g., _Byte_ magazine was absolutely convinced that
the fact I subscribed to a couple computer magazines meant I wanted,
nay needed, to subscribe to _Byte_. So it kept sending me mail.
I ignored them for six months or so, but _Byte_ was totally clueless.
So I grabbed the convenient response card which already had my name and
address printed on it and a red marker and wrote in big letters across
the card "LEAVE ME ALONE!"
The mail stopped. :-)
--
Bear Giles
bear@fsl.noaa.gov
------------------------------
From: pgfelker@aol.com (PGFelker)
Date: 24 Jan 1995 20:35:23 -0500
Subject: Re: Is the Post Office Subsidized?
Organization: America Online, Inc. (1-800-827-6364)
According to insiders (persons that I know that have spent their career
in the Post Office), yes, the Post Office considers that for every
piece of junk mail they deliver, they make several cents on each due to
returns. Even though those little blow-in irratants only cost one and
a fraction cents to the sponsoring business, the Post Offices reaps a
tidy little sum in the aggregate.
I have often wondered if every single piece of prepaid business mail
were to be returned with nothing in the envelope or the card left
blank, if it would be enough to cause the business to cease and desist
from the use of such advertisements. I have been told that the practice
does have an effect.
------------------------------
From: "Mich Kabay [NCSA Sys_Op]" <75300.3232@compuserve.com>
Date: 24 Jan 95 14:27:06 EST
Subject: Cybersex Seattle
From the Associated Press newswire (95.01.11 @ 08:38 EST) via
CompuServe's Executive News Service:
Cybersex.
By DAVID BAUDER
Associated Press Writer
ALBANY, N.Y. (AP) -- After several sexually graphic chats by
computer, a 51-year-old Seattle man traveled to New York last year
to meet his cyberspace partner: a 14-year-old girl.
By chance, they ran into her mother at a shopping mall. She called
authorities and the man, Alan Paul Barlow, was arrested and charged
with a misdemeanor for sending sexually explicit photographs of
himself to teen-agers.
The author explains that because of similar incidents, legislators are
proposing special laws making "sexual communications with minors on
computer" a felony.
Experts question the need for such laws, saying that existing laws
against pedophilia easily cover such cases of computer-based
communications.
--
M.E.Kabay,Ph.D.
Director of Education, NCSA (Carlisle, PA)
Mgmt Consultant, LGS Group Inc. (Montreal, QC)
------------------------------
From: bobleigh@world.std.com (Bob Leigh)
Date: 24 Jan 1995 19:47:35 GMT
Subject: Re: Tax Forms Display SSN on Mailing Label
Organization: The World Public Access UNIX, Brookline, MA
I just got my IRS package, and just the name and address are on the
outside! Bound into the middle is a piece of mailing-label stock with
the actual label to be used on my tax return. The package isn't sealed
in any way -- it's just a stapled booklet.
So it's better this year: my SSN isn't visible from the outside of the
package, but anybody could've checked my mailbox, found the package,
turned to the middle, and copied my SSN.
--
Bob Leigh bobleigh@world.std.com
[MODERATOR: Beginning last year with the 1993 tax forms the IRS has
begun to "hide" the SSN in the way described above. If you had filled
in a Schedule C in 1993 the form you received did not show the SSN. At
the time they told me that as new forms were worked over this practice
would spread to other mailings. There are a dozen different forms all
called form 1040 to the outsider, they will all ultimately be
modified.]
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 29 Dec 1994 10:50:22 -0600 (CST)
Subject: Info on CPD [unchanged since 12/29/94]
Organization: University of Wisconsin-Milwaukee
The Computer Privacy Digest is a forum for discussion on the effect of
technology on privacy or vice versa. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy (Moderated).
Submissions should be sent to comp-privacy@uwm.edu and administrative
requests to comp-privacy-request@uwm.edu.
This digest is a forum with information contributed via Internet
eMail. Those who understand the technology also understand the ease of
forgery in this very free medium. Statements, therefore, should be
taken with a grain of salt and it should be clear that the actual
contributor might not be the person whose email address is posted at
the top. Any user who openly wishes to post anonymously should inform
the moderator at the beginning of the posting. He will comply.
If you read this from the comp.society.privacy newsgroup and wish to
contribute a message, you should simply post your contribution. As a
moderated newsgroup, attempts to post to the group are normally turned
into eMail to the submission address below.
On the other hand, if you read the digest eMailed to you, you generally
need only use the Reply feature of your mailer to contribute. If you
do so, it is best to modify the "Subject:" line of your mailing.
Contributions to CPD should be submitted, with appropriate, substantive
SUBJECT: line, otherwise they may be ignored. They must be relevant,
sound, in good taste, objective, cogent, coherent, concise, and
nonrepetitious. Diversity is welcome, but not personal attacks. Do
not include entire previous messages in responses to them. Include
your name & legitimate Internet FROM: address, especially from
.UUCP and .BITNET folks. Anonymized mail is not accepted. All
contributions considered as personal comments; usual disclaimers
apply. All reuses of CPD material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy;
publications using CPD material should obtain permission from the
contributors.
Contributions generally are acknowledged within 24 hours
of submission. If selected, they are printed within two or three days.
The moderator reserves the right to delete extraneous quoted material.
He may change the SUBJECT: line of an article in order to make it easier
for the reader to follow a discussion. He will not, however, alter or
edit or append to the text except for purely technical reasons.
A library of back issues is available on ftp.cs.uwm.edu [129.89.9.18].
Login as "ftp" with password identifying yourid@yoursite. The archives
are in the directory "pub/comp-privacy".
People with gopher capability can most easily access the library at
gopher.cs.uwm.edu.
Mosaic users will find it at gopher://gopher.cs.uwm.edu.
Older archives are also held at ftp.pica.army.mil [129.139.160.133].
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
End of Computer Privacy Digest V6 #009
******************************
.